The European Commission’s General Data Protection Regulation (GDPR) will take effect at the end of this month.
We have been preparing for some time for the regulation to take effect. In this article, we address some of the common questions that customers have asked us. The most significant point, and the one we most want to get across, is that all of our office systems are fully compliant with the regulation.
Auditdata, an ISO 27001 Certified Company
Auditdata is an ISO 27001 certified company and is therefore well placed to meet the demands of GDPR and of data privacy compliance regulation in general. In this article we deal with Strato, our easy-to-use office management system designed for private practice.
Where is my data hosted?
We store our European based client data in a secure data centre in Ireland, which is managed by our infrastructure partner Microsoft. The data centre provides the latest server and security technology and is ISO 27001 certified.
What about backup?
All Strato data is securely backed up, and we can deliver details of backups and security protocols upon request.
Is my data encrypted when transmitted?
Yes, data transferred over the internet is encrypted.
What data access controls are in place?
We take data access seriously at Auditdata. Firstly, you can only obtain access to Strato data through the Strato OMS Application. Secondly, a unique licence key is needed to establish the connection between the application and the cloud server. Finally, each user must have a unique user ID and a password to access the system.
We also limit access to data within the system with user roles, which provide different levels of data access. This means that a receptionist can have access to scheduling without full visibility of clinical details.
What about Privacy Breach Detection?
We have security systems in place that monitor and inform us of any attempted data access. We will report any privacy breach within one working day.
What if I want a copy of my data?
As per our licence agreement, your data is your property and is considered confidential. Through the Strato user interface you can export your data.
What about Data Portability?
We have separated data within Strato into three specific areas: personal identifier data such as name, date of birth, etc.; Noah data; and finally any documents you may have added to a patient record. You can export one or all of these data records depending on the request.
What about Right to Access?
We have designed a right-to-access feature within Strato that provides an on-screen visualisation of all of the data held against a patient record. This feature lets you show any patient all of the data you keep about them.
What about Gaining Consent?
We have designed a consent manager feature within Strato that is populated with the typical consent paragraphs needed within a practice. However, because each market is different, you can also set up and customise your own consent paragraphs. Using this feature within Strato will ensure that you never undertake any marketing or communication activity that a customer has not consented to.
What about Third Party Sharing?
We have GDPR-compliant contracts and processes in place with any third-party data sub-processors we deal with. Details are available on request.
GDPR is More Than Software
It is essential that you realise that using a GDPR-compliant software system to handle patient data does not, by itself, make you GDPR compliant. It means that your office management system is technically compliant; the onus is on you to institute processes and procedures to ensure that the way you use the software, and how you share information within your organisation and with third parties, is compliant.